ID CVE-1999-0407
Summary By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
References
Vulnerable Configurations
  • Microsoft IIS 4.0
    cpe:2.3:a:microsoft:internet_information_server:4.0
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
NASL family Web Servers
NASL id IIS_AUTHENTIFICATION_MANAGER.NASL
description Microsoft IIS installs the 'aexp2.htr', 'aexp2b.htr', 'aexp3.htr', or 'aexp4.htr' files in the '/iisadmpwd' directory by default. These files can be used by an attacker to brute-force a valid username/password. A valid user may also use it to change his password on a locked account, bypassing password policy.
last seen 2019-01-16
modified 2018-11-15
plugin id 10371
published 2000-04-15
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10371
title Microsoft IIS /iisadmpwd/aexp2.htr Password Policy Bypass
refmap via4
bugtraq
  • 19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS
  • 19990209 Re: IIS4 allows proxied password attacks over NetBIOS
xf iis-iisadmpwd
Last major update 17-10-2016 - 21:59
Published 09-02-1999 - 00:00